| Age | Commit message (Collapse) | Author |
|---|
|
coverity seems to think that our siphash code can read past the
end of a short buffer. Add a test which adds very short buffers
with different combinations of length to the hash. Hashing is done
twice, once with zeros following "data", and once with some other
bytes following "data". The two results are then compared to
verify that the result does not depend on bytes past the specified
data length.
(This test passes.)
|
|
The test was failing at -O2+ with gcc 5.3 and 6.0.
"val1" == "val1" and "val1" != "val1" are both valid.
http://stackoverflow.com/questions/4843640/why-is-a-a-in-c
|
|
+ perl -e 'exit(!(qq{0} eq qq{\x25U}))'
exec-spec-interpolation.service: Main process exited, code=exited, status=1/FAILURE
exec-spec-interpolation.service: Unit entered failed state.
exec-spec-interpolation.service: Failed with result 'exit-code'.
PID: 11270
Start Timestamp: Wed 2016-02-17 22:21:31 UTC
Exit Timestamp: Wed 2016-02-17 22:21:31 UTC
Exit Code: exited
Exit Status: 1
Assertion 'service->main_exec_status.status == status_expected' failed at src/test/test-execute.c:65, function check(). Aborting.
|
|
remove bus-proxyd
|
|
Empty strings were ignored in strv_join, but only if they were at the beginning
of the string. Empty strings after at least one non-empty item were treated
normally.
Previously:
{"x"} → "x"
{"x", ""} → "x"
{"x", "", ""} → "x::"
{""} → ""
{"", ""} → ""
{"", "", ""} → ""
{"", "x"} → "x"
{"", "x", ""} → "x:"
Now:
{"x"} → "x"
{"x", ""} → "x"
{"x", "", ""} → "x::"
{""} → ""
{"", ""} → ":"
{"", "", ""} → "::"
{"", "x"} → ":x"
{"", "x", ""} → ":x:"
|
|
This was used by the dkr logic, which is gone now, hence remove this too.
Should we need it one day again the git history never forgets...
Note that this only covers the JSON parser. The JSON generator used by
"journalctl -o json" remains, as its much much simpler and requires no
infrastructure except printf() and the most basic escaping.
|
|
As kdbus won't land in the anticipated way, the bus-proxy is not needed in
its current form. It can be resurrected at any time thanks to the history,
but for now, let's remove it from the sources. If we'll have a similar tool
in the future, it will look quite differently anyway.
Note that stdio-bridge is still available. It was restored from a version
prior to f252ff17, and refactored to make use of the current APIs.
|
|
This feature will not be used anytime soon, so remove a bit of cruft.
The BusPolicy= config directive will stay around as compat noop.
|
|
Remove some old cruft
|
|
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
|
|
As suggested in: https://github.com/systemd/systemd/pull/2542#issuecomment-181877820
|
|
they do
|
|
This formats a struct rlimit the way rlimit_parse() expects it.
|
|
This way we can reuse it for parsing rlimit settings in "systemctl set-property" and related commands.
|
|
|
|
We try to fit the lengthy key data into available space. If the other
fields take less than half of the available columns, we use align everything
in the remaining columns. Otherwise, we put everything after a newline,
indented with 8 spaces.
This is similar to dig and other tools do.
$ COLUMNS=78 ./systemd-resolve -t any .
. IN SOA a.root-servers.net nstld.verisign-grs.com 2016012701 1800 900 604800 86400
. IN RRSIG SOA RSASHA256 0 86400 20160206170000 20160127160000 54549
S1uhUoBAReAFi5wH/KczVDgwLb+B9Zp57dSYj9aX4XxBhKuzccIducpg0wWXhjCRAWuzY
fQ/J2anm4+C4BLUTdlytPIemd42SUffQk2WGuuukI8e67nkrNF3WFtoeXQ4OchsyO24t2
rxi682Zo9ViqmXZ+MSsjWKt1jdem4noaY=
. IN NS h.root-servers.net
. IN NS k.root-servers.net
. IN NS e.root-servers.net
. IN NS c.root-servers.net
. IN NS b.root-servers.net
. IN NS g.root-servers.net
. IN NS d.root-servers.net
. IN NS f.root-servers.net
. IN NS i.root-servers.net
. IN NS j.root-servers.net
. IN NS m.root-servers.net
. IN NS a.root-servers.net
. IN NS l.root-servers.net
. IN RRSIG NS RSASHA256 0 518400 20160206170000 20160127160000 54549
rxhmTVKUgs72G3VzL+1JRuD0nGLIrPM+ISfmUx0eYUH5wZD5XMu2X+8PfkAsEQT1dziPs
ac+zK1YZPbNgr3yGI5H/wEbK8S7DmlvO+/I9WKTLp/Zxn3yncvnTOdjFMZxkAqHbjVOm+
BFz7RjQuvCQlEJX4PQBFphgEnkiOnmMdI=
. IN NSEC aaa ( NS SOA RRSIG NSEC DNSKEY )
. IN RRSIG NSEC RSASHA256 0 86400 20160206170000 20160127160000 54549
HY49/nGkUJJP1zLmH33MIKnkNH33jQ7bsAHE9itEjvC4wfAzgq8+Oh9fjYav1R1GDeJ2Z
HOu3Z2uDRif10R8RsmZbxyZXJs7eHui9KcAMot1U4uKCCooC/5GImf+oUDbvaraUCMQRU
D3mUzoa0BGWfxgZEDqZ55raVFT/olEgG8=
. IN DNSKEY 257 3 RSASHA256 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0
O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0
NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL4
96M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1ap
AzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6
dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ2
5AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1
ihz0=
. IN DNSKEY 256 3 RSASHA256 AwEAAbr/RV0stAWYbmKOldjShp4AOQGOyY3ATI1NUpP4X1qBs
6lsXpc+1ABgv6zkg02IktjZrHnmD0HsElu3wqXMrT5KL1W7Sp
mg0Pou9WZ8QttdTKXwrVXrASsaGI2z/pLBSnK8EdzqUrTVxY4
TEGZtxV519isM06CCMihxTn5cfFBF
. IN RRSIG DNSKEY RSASHA256 0 172800 20160204235959 20160121000000 19036
XYewrVdYKRDfZptAATwT+W4zng04riExV36+z04kok09W0RmOtDlQrlrwHLlD2iN/zYpg
EqGgDF5T2xlrQdNpn+PFHhypHM7NQAgLTrwmiw6mGbV0bsZN3rhFxHwW7QVUFAvo9eNVu
INrjm+sArwxq3DnPkmA+3K4ikKD2iiT/jT91VYr9SHFqXXURccLjI+nmaE7m31hXcirX/
r5i3J+B4Fx4415IavSD72r7cmruocnCVjcp+ZAUKeMyW+RwigzevLz3oEcCZ4nrTpGLEj
wFaVePYoP+rfdmfLfTdmkkm4APRJa2My3XOdGFlgNS1pW1pH4az5LapLE2vMO7p1aQ==
-- Information acquired via protocol DNS in 14.4ms.
-- Data is authenticated: no
|
|
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be
interrupted where they should (SIGINT, ...).
Fixes #1965
|
|
When the user specifies "foo*" as unit name glob expression, we shouldn't turn this into "foo*.service". Hence: only
append a suffix if the specified string isn't a glob expression.
Fixes: #2397
|
|
THis is otherwise really hard to read...
|
|
Ask password unicode fix
|
|
|
|
[v1] core: resolve specifier in config_parse_exec()
|
|
Let's make sure the root domain is normalized to ".", rather than then empty string, so that there's actually something
to see on screen. Normally, we don't append a trailing dot to normalized domain names, but do so in the one exception
of the root domain, taking inspiration from UNIX file system paths.
|
|
CID #1327432.
|
|
CID #1339830.
|
|
CID #1341451.
|
|
equivalent
|
|
empty non-terminals generally lack NSEC RRs, which means we can deduce their existance only from the fact that there
are other RRs that contain them in their suffix. Specifically, the NSEC proof for NODATA on ENTs works by sending the
NSEC whose next name is a suffix of the queried name to the client. Use this information properly.
|
|
In contrast to ascii_strcasecmp_nn() it takes two character buffers with their individual length. It will then compare
the buffers up the smaller size of the two buffers, and finally the length themselves.
|
|
dns_name_startswith() is to dns_name_endswith() as startswith() is to endswith().
|
|
|
|
Also add a coccinelle receipt to help with such transitions.
|
|
The ambient capability tests are only run if the kernel has support for
ambient capabilities.
|
|
Change the capability bounding set parser and logic so that the bounding
set is kept as a positive set internally. This means that the set
reflects those capabilities that we want to keep instead of drop.
|
|
Now, config_parse_exec() use the userdata as unit and assert on NULL. So
allocate empty unit and use that on config_parse_exec().
|
|
Fixes:
$ make valgrind-tests TESTS=test-rlimit-util
...
Running test-rlimit-util
Assertion 'setrlimit(RLIMIT_NOFILE, &new) >= 0' failed at src/test/test-rlimit-util.c:41, function main(). Aborting.
See http://valgrind.org/docs/manual/dist.news.old.html
The setrlimit system call now simply updates the emulated limits as best
as possible - the hard limit is not allowed to move at all and just
returns EPERM if you try and change it.
|
|
Previously, we'd not allow control characters to be embedded in domain
names, even when escaped. Since cloudflare uses \000 however to
implement its synthethic minimally covering NSEC RRs, we should allow
them, as long as they are properly escaped.
|
|
All our other domain name handling functions make no destinction between
domain names that end in a dot plus a NUL, or those just ending in a
NUL. Make sure dns_name_compare_func() and dns_label_unescape_suffix()
do the same.
|
|
Be stricter when searching suitable NSEC3 RRs for proof: generalize the
check we use to find suitable NSEC3 RRs, in nsec3_is_good(), and add
additional checks, such as checking whether all NSEC3 RRs use the same
parameters, have the same suffix and so on.
|
|
Note that this is still not complete, one additional step is still
missing: when we verified that a wildcard RRset is properly signed, we
still need to do an NSEC/NSEC3 proof that no more specific RRset exists.
|
|
basic: add RB-Tree implementation
|
|
This adds an self-standing RB-Tree implementation to src/basic/. This
will be needed for NSEC RR lookups, since we need "close lookups", which
hashmaps (not even ordered-hashmaps) can give us in reasonable time.
|
|
|
|
canonical names
We'll need this later when putting together RR serializations to
checksum.
|
|
Dns label fixes + unrelated selinux clean-up
|
|
|
|
We need to check the same thing in multiple tests. Use a shared
macro to make it easier to update the list of errnos.
Change the errno code for "unitialized cgroup fs" for ENOMEDIUM.
Exec format error looks like something more serious.
This fixes test-execute invocation in mock.
|
|
test-acl-util: fix two issues from review
|
|
https://github.com/systemd/systemd/pull/2063
|
|
Some calls used ENOBUFS to indicate too-short result buffers, others
used ENOSPC. Let's unify this on ENOBUFS.
|
